GCVE - cpe:2.3:a:n/a:org.webjars.bower:jsondiffpatch:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:org.webjars.bower:jsondiffpatch:*:*:*:*:*:*:*:*

part: a version: jsondiffpatch update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Org.Webjars.Bower (`ebf568d0-a742-5bf5-b76e-4c4aa60bb31f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-9910`	vulnerable	2026-06-08 07:47:10.252400	Details available MEDIUM (4.7) Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and the result renderer using the built-in html formatter on a private website. Published: 2025-09-11T05:00:02.071Z Updated: 2025-09-11T13:09:13.093Z Open on db.gcve.eu Reference links https://security.snyk.io/vuln/SNYK-JS-JSONDIFFPATCH-10369031 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-12549276 https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-12549277 https://github.com/benjamine/jsondiffpatch/commit/0e374b5dd8d7879b329a9fc18affbd46ad50dd14 https://github.com/benjamine/jsondiffpatch/issues/383	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.